Can All-In-One Security Appliances Secure The Network?

As hackers have honed their ability to get dangerous code, like the Sasser worm, to jump right through an Internet browser without the inconvenience of having to wait for an e-mail user to open a file, vendors quickly moved their security and antivirus technology outward from the PC and on to the network.

This shift in intrusion protection spurred industry partnerships like Cisco Systems' Network Admissions Control (NAC) program, which brought rivals Symantec, Trend Micro, McAfee and others together under the banner of integration at the network level. It also unleashed a flurry of appliance-based security products that could be placed strategically about the network to scan for vulnerabilities and detect attacks.

The upside is a hot security appliance market. The downside comes with the decision making. Can appliances that offer firewall, antivirus, intrusion detection and vulnerability assessment complete the task of securing a network? Or are they just souped-up components of a broader security deployment that still leave VARs explaining to customers why so much functionality overlaps with what's likely already running on their servers and PCs?

Jeff Brown, director of business development at NSA Services, Stoughton, Mass., said that with the increased onus on security, "a lot has changed" in the appliance market. "Historically, you've had purpose-built appliances for certain functionality. But now, where you get into trouble is when you cast a wide net of all security technologies on one appliance," Brown said. "A layered approach to network defense is very important."

The size of a customer plays into the decision as well. Small businesses are typically attracted to security appliances based on the notion "that they just connect it, plug it in and watch it work," said Kevin Connell, CTO of Beaverton, Ore.-based Endurics.But the decision process gets murky from there, particularly when taking into account that some appliances are essentially managed services that, to some extent, remain connected to a vendor's security Network Operations Center, said Connell. This breed of appliance downloads virus signatures, updates and, in some cases, automatically begins patching code"a managed service proposition that attracts customers both big and small. "Typically, the larger organization will have their own in-house IT folks, so the smaller guys may be more interested in the managed services angle," he said.

Bob Duff, senior technical consultant at Networks of Florida, a Pensacola, Fla.-based reseller, said he has found that most large enterprises with IT departments "usually want to manage all their own devices."

Stephen Elek, an independent IT consultant and reseller in South Bend, Ind., pointed out that companies with single-vendor environments are well suited for server- and client-based security tools. However, the more common mixed-vendor environment can benefit greatly from security appliances. Even so, putting all your chips on one security vendor is a mistake, Elek said.

It all goes back to the layered security approach, said David Botham, director of networking and security at Norcross, Ga.-based Optimus Solutions. "At the network layer there is a tendency to lean toward an appliance model for security. They are more reliable, easy to maintain and more secure," Botham said. "But everyone knows businesses run things that don't run on appliances, like ERP systems and the like. So agent- and server-based protection models also come into play."